Was wondering if y’all have any creative ways to solve a problem that I’m not seeing much prior art for on The Internets — or I’m failing to write the correct keywords on the search box . We currently have a terrible, terrible solution that’s one of my least favorite parts of our code.
In a GitOps workflow, one would have (for example) two repositories, the app repository and the infrastructure repository. The latter would have the versions of the app that are currently deployed, and you’d presumably have something monitoring the infrastructure repository, making the current live state match the state in the repository, right?
Okay so, how are y’all bumping the version in the infrastructure repository when you make changes to the app repository. I think in an ideal situation, you’d build/release the app repository to a version, and percolate that version that was chosen into the infrastructure repository. Some challenges off the top
- Getting Buildkite to play with another repository in the same pipeline
- Presumably your infrastructure repository requires a +1 approval for compliance reasons, right? So getting the actual version bump into the main branch can be… annoying.
Some fine but maybe not great idea’s I’ve had:
For resolving 1, maybe the answer is having Buildkite trigger another pipeline that’s for the infrastructure repository but number 2 is just painful.
For resolving both, you could just have the deployed versions be in an external system (if we assume this is Kubernetes and you have ArgoCD, you could store the version in the ArgoCD App), but then the infrastructure repository doesn’t have a full view of the desired state.
For resolving 2, you could have the user making the commits be a special superuser (in GitHub parlance, Admin) and disable the +1 approval validation for that class of user… That works but feels icky, and falls down if actual humans are Admin too.
For resolving 2, you could have the user create a pull request and have some relatively complex orchestration to auto-approve the pull request using an alternate user, waiting for status checks, and committing it…
Anyways, been mulling this over and trying to research it on my own for a while, and have not come up with an answer I like, so figured I’d reach out for halp